[KB7444] Resolve failed loading of modules in earlier versions of ESET security products for Windows servers

Issue

Details


Click to expand

ESET has identified that our kernel has a problem with verification of the timestamp of an already expired certificate (expired by the 7th of February 2020). This method fails and our modules in older, legacy versions, are declared as untrusted and therefore are not loaded. This mechanism ensures that no untrusted library is loaded.

As a result, the affected versions fail to load modules (Firewall, HIPS, Updated, Device Control, Web and Email protection) and are not functional, therefore the protection is not functional.

Click here to read more about this issue or visit Legacy products startup issue FAQ


Solution

Important!

If you are using affected versions and the issue is not manifesting, do not restart the machine and perform an upgrade immediately.

Update your security product to the latest version

If you have not restarted your computer with ESET Security product yet, make sure you have Update Module (version 1074.3) listed in Installed components. This module ensures protection and enables a subsequent upgrade to the latest version, which is a required step to fully mitigate the situation.

Then, upgrade to the latest version:

Check the version of installed modules in ESET Endpoint Security

In the main program window, navigate to Help and support > About ESET Endpoint Security and click Installed components. If the version of the Update module is 1074.3, your ESET product has been successfully updated.


Use the fixing tool if you restarted your computer

If you have restarted your computer with ESET Security product v6.5, use the Fixing tool and then upgrade to the latest version if possible.

  1. Download CertFix.exe. If you are unable to download an executable file with your browser, download CertFix.rar.

  2. Run the Fixing tool. If you manage your computer remotely, run the Fixing tool as a client task in ESMCOperating systemRun command.

    Optionally, automatically download and run the Fixing tool with the following script (the log will be created):

    powershell -command "& {(New-Object System.Net.WebClient).DownloadFile('http://help.eset.com/eset_tools/CertFix.exe', '%temp%\CertFix.exe');(Start-process '%temp%\CertFix.exe' -NoNewWindow)}" > C:\CertFix.log

NOTE:

Windows PowerShell comes installed by default in every Windows, starting with Windows 7 SP1 and Windows Server 2008 R2 SP1.

  1. If the registration did not execute correctly, run the Fixing tool with the following parameter: CertFix.exe --fix-wsc-only
  2. If you are having any concerns or questions – or are unable to upgrade to the latest versions – contact ESET Technical Support in your region.


Recommended ESET software versions

We recommend upgrading Server products version 6.5 to the following versions:

If you want to run version 6.5 anyway, we recommend the following versions:

ESET File Security for Windows 6.5.12018.0 32-bit
ESET File Security for Windows 6.5.12018.0 64-bit

ESET Mail Security for Microsoft Exchange Server 6.5.10059.0 32-bit
ESET Mail Security for Microsoft Exchange Server 6.5.10059.0 64-bit

ESET Mail Security for Lotus Domino 6.5.14026.0 32-bit
ESET Mail Security for Lotus Domino 6.5.14026.0 64-bit

ESET Security for Kerio 6.5.16009.1 32-bit
ESET Security for Kerio 6.5.16009.1 64-bit

If you do not upgrade, you will see the following message in the main program window: